11/21/2008

There’s this great CPU feature called “nx” — it protects your computer from intrusion by blocking execution of memory regions that weren’t expected to be executable (i.e. stack/heap data). You really want this enabled. Unfortunately for you, it seems some BIOSes default to disabling it. On Dell laptops, look under “Security” / “CPU XD Support”: you want it enabled. In an American Megatrends BIOS, I found it under “CPU Features” / “Execute Disable Bit”: you want it enabled.

As far as making use of the CPU feature once it’s not disabled in the BIOS, you’re already using it if you’re running a 64bit kernel. And if you’re using 32bit, you can start using it if you install the -server flavor of the 32bit kernel. As a bonus, you get to address all your physical RAM if you do this too (since -server’s “PAE” mode is the kernel mode that allows “nx” to work). For Ubuntu Jaunty, I’m hoping to get some element of the system (installer? jockey?) to make the right kernel selection for a given system.